first commit.

rroemhild · rroemhild · commit af8016c12fa0 · 2015-02-21T19:08:35.000+01:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,3 @@
+.git
+.gitignore
+README.md
diff --git a/.gitignore b/.gitignore
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,36 @@
+FROM debian:7
+MAINTAINER Rafael Römhild <rafael@roemhild.de>
+
+ENV LDAP_DOMAIN planetexpress.com
+ENV LDAP_ADMIN_SECRET GoodNewsEveryone
+ENV LDAP_ORGANISATION Planet Express, Inc.
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install slapd and requirements
+RUN apt-get update \
+    && apt-get -y --no-install-recommends install \
+        slapd \
+        ldap-utils \
+        openssl \
+        ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create TLS certificate and bootstrap directory
+RUN mkdir /etc/ldap/ssl /bootstrap
+
+# ADD run script
+COPY ./run.sh /run.sh
+
+# ADD bootstrap files
+ADD ./bootstrap /bootstrap
+
+# Initialize LDAP with data
+RUN /bin/bash /bootstrap/slapd-init.sh
+
+VOLUME ["/etc/ldap/slapd.d", "/etc/ldap/ssl", "/var/lib/ldap", "/run/slapd"]
+
+EXPOSE 389
+
+CMD []
+ENTRYPOINT ["/bin/bash", "/run.sh"]
+
diff --git a/README.md b/README.md
@@ -0,0 +1,44 @@
+# OpenLDAP Docker Image for testing
+
+This image provides an OpenLDAP Server for testing LDAP applications, i.e. unit tests. The server is initialized with data from Futurama, Planet Express, Inc. Currently there are only entries for Fry, Lila and Bender. In the future I will add more Crew members and other objects, for more complex tests.
+
+Parts of the image are based on the work from Nick Stenning [docker-slapd][slapd] and Bertrand Gouny [docker-openldap][openldap].
+
+[slapd]: https://github.com/nickstenning/docker-slapd
+[openldap]: https://github.com/osixia/docker-openldap
+
+
+## Features
+
+* Support for TLS
+* Initialized with data from Futurama
+* ~190MB Images size
+
+
+## Usage
+
+```
+docker pull rroemhild/test-openldap
+docker run --privileged -d -p 389:389 rroemhild/test-openldap
+```
+
+
+## LDAP Data
+
+* BASEDN: dc=planetexpress,dc=com
+* ADMIN_DN: cn=admin,dc=planetexpress,dc=com
+* ADMIN_SECRET: GoodNewsEveryone
+
+
+## Exposed ports
+
+* 389
+
+
+## Exposed volumes
+
+* /etc/ldap/slapd.d
+* /etc/ldap/ssl
+* /var/lib/ldap
+* /run/slapd
+
diff --git a/bootstrap/ldif/00_base.ldif b/bootstrap/ldif/00_base.ldif
@@ -0,0 +1,5 @@
+dn: ou=people,dc=planetexpress,dc=com
+objectClass: top
+objectClass: organizationalUnit
+description: Springfield citizens
+ou: people
diff --git a/bootstrap/ldif/10_people.ldif b/bootstrap/ldif/10_people.ldif
@@ -0,0 +1,34 @@
+dn: cn=Philip Fry,ou=people,dc=planetexpress,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Philip Fry
+displayName: Philip J. Fry
+sn: Philip
+givenName: Fry
+mail: fry@planetexpress.com
+uid: fry
+
+dn: cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Turanga Leela
+sn: Turanga
+givenName: Leela
+mail: leela@planetexpress.com
+uid: leela
+
+dn: cn=Bender Rodríguez,ou=people,dc=planetexpress,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Bender Rodríguez
+displayName: Bender Bending Rodríguez
+sn: Rodríguez
+givenName: Bender
+mail: bender@planetexpress.com
+uid: bender
diff --git a/bootstrap/ldif/logging.ldif b/bootstrap/ldif/logging.ldif
@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats
diff --git a/bootstrap/ldif/tls.ldif b/bootstrap/ldif/tls.ldif
@@ -0,0 +1,11 @@
+dn: cn=config
+changetype: modify
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
+-
+replace: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
diff --git a/bootstrap/slapd-init.sh b/bootstrap/slapd-init.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -eu
+
+
+readonly LDAP_BINDDN="cn=admin,dc=planetexpress,dc=com"
+
+
+file_exist() {
+    local file=$1
+
+    [[ -e $file ]]
+}
+
+
+reconfigure_slapd() {
+    echo "Reconfigure slapd..."
+    cat <<EOL | debconf-set-selections
+slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_SECRET}
+slapd slapd/internal/adminpw password ${LDAP_ADMIN_SECRET}
+slapd slapd/password2 password ${LDAP_ADMIN_SECRET}
+slapd slapd/password1 password ${LDAP_ADMIN_SECRET}
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string ${LDAP_DOMAIN}
+slapd shared/organization string ${LDAP_ORGANISATION}
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+EOL
+
+    dpkg-reconfigure -f noninteractive slapd
+}
+
+
+configure_tls() {
+    echo "Configure TLS..."
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f /bootstrap/ldif/tls.ldif -Q
+}
+
+
+configure_logging() {
+    echo "Configure logging..."
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f /bootstrap/ldif/logging.ldif -Q
+}
+
+
+load_initial_data() {
+    echo "Load data..."
+    data=$(find /bootstrap/ldif -maxdepth 1 -name \*_\*.ldif -type f | sort)
+    for ldif in ${data}; do
+        echo "Processing file ${ldif}..."
+        ldapadd -x -D ${LDAP_BINDDN} -w ${LDAP_ADMIN_SECRET} -H ldapi:/// -f ${ldif}
+    done
+}
+
+
+## Init
+
+reconfigure_slapd
+
+chown -R openldap:openldap /etc/ldap
+slapd -h "ldapi:///" -u openldap -g openldap
+
+configure_tls
+configure_logging
+load_initial_data
+
+kill -INT `cat /run/slapd/slapd.pid`
+
+exit 0
+
diff --git a/run.sh b/run.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -x
+
+readonly LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
+readonly LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"
+
+
+make_snakeoil_certificate() {
+    echo "Make snakeoil certificate for ${LDAP_DOMAIN}..."
+    openssl req -subj "/CN=${LDAP_DOMAIN}" \
+                -new \
+                -newkey rsa:2048 \
+                -days 365 \
+                -nodes \
+                -x509 \
+                -keyout ${LDAP_SSL_KEY} \
+                -out ${LDAP_SSL_CERT}
+
+    chmod 600 /etc/ldap/ssl/ldap.key
+}
+
+
+file_exist ${LDAP_SSL_CERT} \
+  || make_snakeoil_certificate
+
+echo "starting slapd on default port 389..."
+chown -R openldap:openldap /etc/ldap
+exec /usr/sbin/slapd -h "ldap:/// ldapi:///" -u openldap -g openldap -d -1
+
